你当前正在访问 Microsoft Azure Global Edition 技术文档网站。如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Default Security Rules - Get

参考

Service:: Virtual Networks

API Version:: 2023-09-01

获取指定的默认网络安全规则。

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}/defaultSecurityRules/{defaultSecurityRuleName}?api-version=2023-09-01

URI 参数

名称	在	必需	类型	说明
defaultSecurityRuleName	path	True	string	默认安全规则的名称。
networkSecurityGroupName	path	True	string	网络安全组的名称。
resourceGroupName	path	True	string	资源组的名称。
subscriptionId	path	True	string	可以唯一标识 Microsoft Azure 订阅的订阅凭据。此订阅 ID 是每个服务调用的 URI 的一部分。
api-version	query	True	string	客户端 API 版本。

响应

名称	类型	说明
200 OK	SecurityRule	请求成功。该操作返回生成的 SecurityRule 资源。
Other Status Codes	CloudError	描述操作失败原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 Flow。

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

名称	说明
user_impersonation	模拟用户帐户

示例

DefaultSecurityRuleGet

Sample Request

GET https://management.azure.com/subscriptions/subid/resourceGroups/testrg/providers/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/AllowVnetInBound?api-version=2023-09-01


/**
 * Samples for DefaultSecurityRules Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/DefaultSecurityRuleGet.json
     */
    /**
     * Sample code: DefaultSecurityRuleGet.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void defaultSecurityRuleGet(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getDefaultSecurityRules().getWithResponse("testrg", "nsg1",
            "AllowVnetInBound", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python default_security_rule_get.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.default_security_rules.get(
        resource_group_name="testrg",
        network_security_group_name="nsg1",
        default_security_rule_name="AllowVnetInBound",
    )
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/DefaultSecurityRuleGet.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/DefaultSecurityRuleGet.json
func ExampleDefaultSecurityRulesClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDefaultSecurityRulesClient().Get(ctx, "testrg", "nsg1", "AllowVnetInBound", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SecurityRule = armnetwork.SecurityRule{
	// 	ID: to.Ptr("/subscriptions/subid/resourceGroups/testrg/providers/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/AllowVnetInBound"),
	// 	Name: to.Ptr("AllowVnetInBound"),
	// 	Properties: &armnetwork.SecurityRulePropertiesFormat{
	// 		Description: to.Ptr("Allow inbound traffic from all VMs in VNET"),
	// 		Access: to.Ptr(armnetwork.SecurityRuleAccessAllow),
	// 		DestinationAddressPrefix: to.Ptr("VirtualNetwork"),
	// 		DestinationAddressPrefixes: []*string{
	// 		},
	// 		DestinationPortRange: to.Ptr("*"),
	// 		DestinationPortRanges: []*string{
	// 		},
	// 		Direction: to.Ptr(armnetwork.SecurityRuleDirectionInbound),
	// 		Priority: to.Ptr[int32](65000),
	// 		ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
	// 		SourceAddressPrefix: to.Ptr("VirtualNetwork"),
	// 		SourceAddressPrefixes: []*string{
	// 		},
	// 		SourcePortRange: to.Ptr("*"),
	// 		SourcePortRanges: []*string{
	// 		},
	// 		Protocol: to.Ptr(armnetwork.SecurityRuleProtocolAsterisk),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get the specified default network security rule.
 *
 * @summary Get the specified default network security rule.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/DefaultSecurityRuleGet.json
 */
async function defaultSecurityRuleGet() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "testrg";
  const networkSecurityGroupName = "nsg1";
  const defaultSecurityRuleName = "AllowVnetInBound";
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.defaultSecurityRules.get(
    resourceGroupName,
    networkSecurityGroupName,
    defaultSecurityRuleName,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/DefaultSecurityRuleGet.json
// this example is just showing the usage of "DefaultSecurityRules_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this NetworkSecurityGroupResource created on azure
// for more information of creating NetworkSecurityGroupResource, please refer to the document of NetworkSecurityGroupResource
string subscriptionId = "subid";
string resourceGroupName = "testrg";
string networkSecurityGroupName = "nsg1";
ResourceIdentifier networkSecurityGroupResourceId = NetworkSecurityGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, networkSecurityGroupName);
NetworkSecurityGroupResource networkSecurityGroup = client.GetNetworkSecurityGroupResource(networkSecurityGroupResourceId);

// get the collection of this DefaultSecurityRuleResource
DefaultSecurityRuleCollection collection = networkSecurityGroup.GetDefaultSecurityRules();

// invoke the operation
string defaultSecurityRuleName = "AllowVnetInBound";
NullableResponse<DefaultSecurityRuleResource> response = await collection.GetIfExistsAsync(defaultSecurityRuleName);
DefaultSecurityRuleResource result = response.HasValue ? response.Value : null;

if (result == null)
{
    Console.WriteLine($"Succeeded with null as result");
}
else
{
    // the variable result is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    SecurityRuleData resourceData = result.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "name": "AllowVnetInBound",
  "id": "/subscriptions/subid/resourceGroups/testrg/providers/Microsoft.Network/networkSecurityGroups/nsg1/defaultSecurityRules/AllowVnetInBound",
  "properties": {
    "provisioningState": "Succeeded",
    "description": "Allow inbound traffic from all VMs in VNET",
    "protocol": "*",
    "sourcePortRange": "*",
    "destinationPortRange": "*",
    "sourceAddressPrefix": "VirtualNetwork",
    "destinationAddressPrefix": "VirtualNetwork",
    "access": "Allow",
    "priority": 65000,
    "direction": "Inbound",
    "sourcePortRanges": [],
    "destinationPortRanges": [],
    "sourceAddressPrefixes": [],
    "destinationAddressPrefixes": []
  }
}

定义

名称	说明
ApplicationSecurityGroup	资源组中的应用程序安全组。
CloudError	来自服务的错误响应。
CloudErrorBody	来自服务的错误响应。
ProvisioningState	当前预配状态。
SecurityRule	网络安全规则。
SecurityRuleAccess	是允许还是拒绝网络流量。
SecurityRuleDirection	规则的方向。 direction 指定是要针对传入流量还是传出流量评估该规则。
SecurityRuleProtocol	此规则应用到的网络协议。

ApplicationSecurityGroup

资源组中的应用程序安全组。

名称	类型	说明
etag	string	一个唯一的只读字符串，每当资源更新时都会更改。
id	string	资源 ID。
location	string	资源位置。
name	string	资源名称。
properties.provisioningState	ProvisioningState	应用程序安全组资源的预配状态。
properties.resourceGuid	string	应用程序安全组资源的资源 GUID 属性。它唯一标识资源，即使用户更改其名称或跨订阅或资源组迁移资源也是如此。
tags	object	资源标记。
type	string	资源类型。

CloudError

来自服务的错误响应。

名称	类型	说明
error	CloudErrorBody	云错误正文。

CloudErrorBody

来自服务的错误响应。

名称	类型	说明
code	string	错误的标识符。代码是固定的，旨在以编程方式使用。
details	CloudErrorBody[]	有关错误的其他详细信息的列表。
message	string	描述错误的消息，该消息适用于在用户界面中显示。
target	string	特定错误的目标。例如，属性的名称出错。

ProvisioningState

当前预配状态。

名称	类型	说明
Deleting	string
Failed	string
Succeeded	string
Updating	string

SecurityRule

网络安全规则。

名称	类型	说明
etag	string	一个唯一的只读字符串，每当资源更新时都会更改。
id	string	资源 ID。
name	string	资源组中唯一的资源的名称。此名称可用于访问资源。
properties.access	SecurityRuleAccess	允许或拒绝网络流量。
properties.description	string	此规则的说明。限制为 140 个字符。
properties.destinationAddressPrefix	string	目标地址前缀。 CIDR 或目标 IP 范围。也可以使用星号“*”来匹配所有源 IP。也可以使用“VirtualNetwork”、“AzureLoadBalancer”和“Internet”等默认标记。
properties.destinationAddressPrefixes	string[]	目标地址前缀。 CIDR 或目标 IP 范围。
properties.destinationApplicationSecurityGroups	ApplicationSecurityGroup[]	指定为目标的应用程序安全组。
properties.destinationPortRange	string	目标端口或范围。介于 0 和 65535 之间的整数或范围。星号“*”也可用于匹配所有端口。
properties.destinationPortRanges	string[]	目标端口范围。
properties.direction	SecurityRuleDirection	规则的方向。 direction 指定是要针对传入流量还是传出流量评估该规则。
properties.priority	integer	规则的优先级。该值可以介于 100 和 4096 之间。集合中每个规则的优先级编号必须是唯一的。优先级编号越低，规则优先级越高。
properties.protocol	SecurityRuleProtocol	此规则应用到的网络协议。
properties.provisioningState	ProvisioningState	安全规则资源的预配状态。
properties.sourceAddressPrefix	string	CIDR 或源 IP 范围。也可以使用星号“*”来匹配所有源 IP。也可以使用“VirtualNetwork”、“AzureLoadBalancer”和“Internet”等默认标记。如果这是入口规则，则指定网络流量的来源。
properties.sourceAddressPrefixes	string[]	CIDR 或源 IP 范围。
properties.sourceApplicationSecurityGroups	ApplicationSecurityGroup[]	指定为源的应用程序安全组。
properties.sourcePortRange	string	源端口或范围。介于 0 和 65535 之间的整数或范围。星号“*”也可用于匹配所有端口。
properties.sourcePortRanges	string[]	源端口范围。
type	string	资源类型。

SecurityRuleAccess

是允许还是拒绝网络流量。

名称	类型	说明
Allow	string
Deny	string

SecurityRuleDirection

规则的方向。 direction 指定是要针对传入流量还是传出流量评估该规则。

名称	类型	说明
Inbound	string
Outbound	string

SecurityRuleProtocol

此规则应用到的网络协议。

名称	类型	说明
*	string
Ah	string
Esp	string
Icmp	string
Tcp	string
Udp	string